
:P :P Ok

 

_____________________________________________

 

 

ComboFix 09-05-08.03 - Cyril 09/05/2009 9:57.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3071.2221 [GMT 2:00]

Lancé depuis: c:\users\Cyril\Desktop\CyrilFix.exe

AV: avast! antivirus 4.8.1229 [VPS 081119-0] *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\InfoSat.txt

C:\Muestras

c:\muestras\FLEC006.EXE.Muestra EliBagle v12.53

c:\muestras\WINUPGRO.EXE.Muestra EliBagle v12.53

c:\program files\DAEMON Tools Lite\daemon.exe

c:\program files\Windows Live\Messenger\msnmsgr.exe

c:\users\Cyril\AppData\Roaming\drivers\downld

c:\users\Cyril\AppData\Roaming\drivers\srosa2.sys

c:\users\Cyril\AppData\Roaming\drivers\wfsintwq.sys

c:\users\Cyril\AppData\Roaming\drivers\winupgro.exe

c:\users\Cyril\AppData\Roaming\m

c:\users\Cyril\AppData\Roaming\m\data.oct

c:\users\Cyril\AppData\Roaming\m\flec006.exe

c:\users\Cyril\AppData\Roaming\m\list.oct

c:\users\Cyril\AppData\Roaming\m\shared\2Easy Mp3 Search 1.0 [Crack].zip

c:\users\Cyril\AppData\Roaming\m\shared\Brooke Shields 1.0.zip

c:\users\Cyril\AppData\Roaming\m\shared\CitiesDailyPhoto 1.3a.zip

c:\users\Cyril\AppData\Roaming\m\shared\Customer Invoice Template 1.0 [Key].zip

c:\users\Cyril\AppData\Roaming\m\shared\DriverBackup! 1.0.3.zip

c:\users\Cyril\AppData\Roaming\m\shared\DVD To WMA Ripper 1.00.zip

c:\users\Cyril\AppData\Roaming\m\shared\Easy Karaoke Player 3.0.zip

c:\users\Cyril\AppData\Roaming\m\shared\Effective Site Studio 6.zip

c:\users\Cyril\AppData\Roaming\m\shared\Europa Universalis II 1.01 patch.zip

c:\users\Cyril\AppData\Roaming\m\shared\FotoTagger 2.13.zip

c:\users\Cyril\AppData\Roaming\m\shared\FotoTime FotoAlbum Pro 5.3.1.4 Cracked.zip

c:\users\Cyril\AppData\Roaming\m\shared\Ghost 1.0.zip

c:\users\Cyril\AppData\Roaming\m\shared\Ghost in the Shell 2 Innocence Screensaver.zip

c:\users\Cyril\AppData\Roaming\m\shared\Historic Magic Posters Screensaver 1.0 (Key).zip

c:\users\Cyril\AppData\Roaming\m\shared\InfoBlaster IN4 1.0.0.1 (With Crack).zip

c:\users\Cyril\AppData\Roaming\m\shared\LockTheMatrix 4.0.zip

c:\users\Cyril\AppData\Roaming\m\shared\MyNetProtector Pop Up Stopper 1.0 With Crack.zip

c:\users\Cyril\AppData\Roaming\m\shared\PictureRSS Gadget 1.2.zip

c:\users\Cyril\AppData\Roaming\m\shared\pyiTctrl 0.0.1.zip

c:\users\Cyril\AppData\Roaming\m\shared\QuickCheck (English) 2.6.zip

c:\users\Cyril\AppData\Roaming\m\shared\ScreenGrasp 1.1.zip

c:\users\Cyril\AppData\Roaming\m\shared\SoccerWinners Connections 1.zip

c:\users\Cyril\AppData\Roaming\m\shared\Sonicbytes Gat'R 1.1.zip

c:\users\Cyril\AppData\Roaming\m\shared\TAL Bar Code ActiveX Control (Key).zip

c:\users\Cyril\AppData\Roaming\m\shared\TeleKast 1.0.0.14 Alpha.zip

c:\users\Cyril\AppData\Roaming\m\shared\The Moon Screensaver 1.0.zip

c:\users\Cyril\AppData\Roaming\m\shared\VersyPDF.Delphi 2.1 Crack.zip

c:\users\Cyril\AppData\Roaming\m\shared\WebSpeed Simulator 3.0.6030 (Key+Serial).zip

c:\users\Cyril\AppData\Roaming\m\shared\World Languages Lab 4.1.zip

c:\users\Cyril\AppData\Roaming\m\shared\XP CRYPT Itanium SQL 4.3.0 (With Crack).zip

c:\users\Cyril\AppData\Roaming\m\srvlist.oct

c:\windows\system32\ban_list.txt

c:\windows\system32\mdelk.exe

c:\windows\system32\wintems.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SROSA

-------\Legacy_SROSA

-------\Legacy_SK9OU0S

-------\Service_sK9Ou0s

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 ))))))))))))))))))))))))))))))))))))

.

 

2009-05-09 07:48 . 2009-05-09 07:48 -------- d-----w C:\cyrilix

2009-05-08 19:55 . 2009-05-08 19:55 -------- d-----w c:\programdata\WindowsSearch

2009-05-08 19:55 . 2009-05-08 19:55 -------- d-----w c:\users\All Users\WindowsSearch

2009-05-08 18:09 . 2009-05-08 18:34 -------- d-----w c:\program files\trend micro

2009-05-08 18:09 . 2009-05-08 18:15 -------- d-----w C:\rsit

2009-05-08 12:37 . 2009-05-08 12:37 -------- d-----w c:\program files\CCleaner

2009-05-08 12:06 . 2009-05-08 12:06 -------- d-----w c:\users\Cyril\AppData\Roaming\Lavasoft

2009-05-08 11:20 . 2009-05-09 07:59 -------- d--h--w c:\users\Cyril\AppData\Roaming\drivers

2009-04-21 13:05 . 2009-05-09 08:00 -------- d-----w c:\program files\DAEMON Tools Lite

2009-04-20 09:47 . 2009-04-20 09:47 -------- d-----w c:\users\Cyril\AppData\Roaming\DAEMON Tools Pro

2009-04-20 09:47 . 2009-04-20 09:47 -------- d-----w c:\programdata\DAEMON Tools Lite

2009-04-20 09:47 . 2009-04-20 09:47 -------- d-----w c:\users\All Users\DAEMON Tools Lite

2009-04-20 09:46 . 2009-04-20 09:47 -------- d-----w c:\users\Cyril\AppData\Roaming\DAEMON Tools Lite

2009-04-19 17:53 . 2006-08-01 09:31 3600384 ----a-w c:\windows\ffmpeg.exe

2009-04-19 17:53 . 2007-09-10 06:50 457984 ----a-w c:\windows\system32\drivers\PAC7302.SYS

2009-04-19 17:53 . 2008-02-27 13:27 98432 ----a-w c:\windows\system32\drivers\camfilt2.sys

2009-04-19 17:53 . 2009-04-19 17:53 -------- d-----w c:\program files\Hercules

2009-04-19 17:53 . 2009-04-19 17:53 -------- d-----w c:\windows\system32\HWC HD

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-08 20:25 . 2006-11-02 15:48 669328 ----a-w c:\windows\system32\perfh00C.dat

2009-05-08 20:25 . 2006-11-02 15:48 123350 ----a-w c:\windows\system32\perfc00C.dat

2009-05-08 18:48 . 2007-07-10 13:07 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-29 08:39 . 2008-07-17 09:54 101856 ----a-w c:\users\Cyril\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-29 08:06 . 2007-07-10 13:17 -------- d-----w c:\program files\Microsoft Works

2009-04-20 22:59 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-20 22:52 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat

2009-04-19 17:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat

2009-04-19 17:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat

2009-03-24 20:42 . 2008-07-19 10:02 -------- d-----w c:\program files\Java

2009-03-22 10:40 . 2008-07-17 12:14 -------- d-----w c:\program files\Mozilla Thunderbird

2009-03-17 15:29 . 2008-07-19 19:56 -------- d-----w c:\programdata\ma-config.com

2009-03-17 15:29 . 2008-07-19 19:56 -------- d-----w c:\program files\ma-config.com

2009-03-17 03:38 . 2009-04-20 08:45 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-20 08:45 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-12 20:40 . 2008-07-18 08:44 716 ----a-w c:\users\Cyril\AppData\Roaming\wklnhst.dat

2009-03-09 04:19 . 2008-12-09 15:04 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-08 11:34 . 2009-04-29 08:03 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-04-29 08:03 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-04-29 08:03 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-04-29 08:03 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-04-29 08:03 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-04-29 08:03 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-04-29 08:03 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-04-29 08:03 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-04-29 08:03 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-04-29 08:03 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-04-29 08:03 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-04-29 08:03 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-04-29 08:03 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-04-29 08:03 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-04-29 08:03 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-04-29 08:03 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-04-29 08:03 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-04-29 08:03 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-03 04:46 . 2009-04-20 08:45 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-20 08:45 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:39 . 2009-04-20 08:45 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-20 08:45 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-20 08:45 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-20 08:45 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-20 08:45 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-20 08:45 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-20 08:45 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-20 08:45 17408 ----a-w c:\windows\system32\iashost.exe

2009-02-13 08:49 . 2009-04-20 08:45 72704 ----a-w c:\windows\system32\secur32.dll

2009-02-13 08:49 . 2009-04-20 08:45 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 03:10 . 2009-03-12 09:20 2033152 ----a-w c:\windows\system32\win32k.sys

2008-07-19 19:38 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2007-12-10 19:24 . 2007-12-10 19:24 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-05-08 81000]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2684771895-3763166589-4040009352-1000]

"EnableNotificationsRef"=dword:00000004

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{3815E209-4DF2-4CF0-964F-63927FBFE08A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{0C32ACE3-DA1F-469C-8D0C-C4C84671DB56}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1559055D-B1E4-4576-B221-EC793993CEC3}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{D1FF41DB-15E9-48CF-9A69-B0199CF49FC0}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{AB9C13F7-3821-4F1C-B932-DBC6DFD90792}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{E19B0516-2539-49D0-881D-0FBB7A04F587}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{3F7F745C-EE8A-42BF-95CE-F704AB7953B8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{D52535F0-C15F-4ECD-B05E-833E6A1E6A48}"= Disabled:UDP:c:\users\Cyril\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer

"{8C154A48-CA17-4827-A331-017F5BE15EC5}"= Disabled:TCP:c:\users\Cyril\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer

"{EB8FE6BE-936B-45A8-9906-25894624F644}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{2F7C2CE9-B941-4E33-88C9-708087A360C9}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2008 23:52 51792]

R3 camfilt2;camfilt2;c:\windows\System32\drivers\camfilt2.sys [19/04/2009 19:53 98432]

R3 PAC7302;Hercules Classic Link;c:\windows\System32\drivers\PAC7302.SYS [19/04/2009 19:53 457984]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [18/03/2009 10:51 48128]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 10:34 216232]

S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 23:29 454520]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - sptd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f6dee2-6a4b-11dd-8020-001c2557e85b}]

\shell\AutoRun\command - K:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f54c59-b37c-11dc-8d4f-806e6f6e6963}]

\shell\AutoRun\command - J:\o1.com

\shell\explore\Command - J:\o1.com

\shell\open\Command - J:\o1.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ef50c6-2e5a-11de-9d95-001c2557e85b}]

\shell\AutoRun\command - K:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a55ce9-728a-11dd-a09f-001c2557e85b}]

\shell\AutoRun\command - L:\SETUP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://fr.fr.acer.yahoo.com

uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Cyril\AppData\Roaming\Mozilla\Firefox\Profiles\e3r8f633.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-09 10:03

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\*& à**H* à** *z*à**ø*o*à**e*p*o*s*i*t*i*o*n*\resvars]

"HLISTOFFSET"="284.000000"

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\audiodg.exe

c:\windows\System32\conime.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\WUDFHost.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Heure de fin: 2009-05-09 10:05 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-05-09 08:05

 

Avant-CF: 125 643 034 624 octets libres

Après-CF: 125 258 354 688 octets libres

 

774 --- E O F --- 2009-05-08 08:56

  • Moderators
Posted

Good, let's continue.

Download CFScript.txt and save it to your desktop.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot.
  • A blue window will appear; confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

 

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Plug in your removable media (USB sticks, MP3 players, flash cards, etc.) without opening them.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

Posted

Hello again Gof

Here is the .txt following the first step. Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot

 

 

__________________________________________________

 

ComboFix 09-05-08.03 - Cyril 09/05/2009 19:14.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3071.2060 [GMT 2:00]

Lancé depuis: c:\users\Cyril\Desktop\CyrilFix.exe

Commutateurs utilisés :: c:\users\Cyril\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1229 [VPS 081119-0] *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

 

FILE ::

c:\users\Cyril\AppData\Roaming\wklnhst.dat

J:\o1.com

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Cyril\AppData\Roaming\drivers

c:\users\Cyril\AppData\Roaming\wklnhst.dat

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 ))))))))))))))))))))))))))))))))))))

.

 

2009-05-09 07:48 . 2009-05-09 07:48 -------- d-----w C:\cyrilix

2009-05-08 19:55 . 2009-05-08 19:55 -------- d-----w c:\programdata\WindowsSearch

2009-05-08 19:55 . 2009-05-08 19:55 -------- d-----w c:\users\All Users\WindowsSearch

2009-05-08 18:09 . 2009-05-08 18:34 -------- d-----w c:\program files\trend micro

2009-05-08 18:09 . 2009-05-08 18:15 -------- d-----w C:\rsit

2009-05-08 12:37 . 2009-05-08 12:37 -------- d-----w c:\program files\CCleaner

2009-05-08 12:06 . 2009-05-08 12:06 -------- d-----w c:\users\Cyril\AppData\Roaming\Lavasoft

2009-04-21 13:05 . 2009-05-09 08:00 -------- d-----w c:\program files\DAEMON Tools Lite

2009-04-20 09:47 . 2009-04-20 09:47 -------- d-----w c:\users\Cyril\AppData\Roaming\DAEMON Tools Pro

2009-04-20 09:47 . 2009-04-20 09:47 -------- d-----w c:\programdata\DAEMON Tools Lite

2009-04-20 09:47 . 2009-04-20 09:47 -------- d-----w c:\users\All Users\DAEMON Tools Lite

2009-04-20 09:46 . 2009-04-20 09:47 -------- d-----w c:\users\Cyril\AppData\Roaming\DAEMON Tools Lite

2009-04-19 17:53 . 2006-08-01 09:31 3600384 ----a-w c:\windows\ffmpeg.exe

2009-04-19 17:53 . 2007-09-10 06:50 457984 ----a-w c:\windows\system32\drivers\PAC7302.SYS

2009-04-19 17:53 . 2008-02-27 13:27 98432 ----a-w c:\windows\system32\drivers\camfilt2.sys

2009-04-19 17:53 . 2009-04-19 17:53 -------- d-----w c:\program files\Hercules

2009-04-19 17:53 . 2009-04-19 17:53 -------- d-----w c:\windows\system32\HWC HD

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-09 08:08 . 2006-11-02 15:48 669328 ----a-w c:\windows\system32\perfh00C.dat

2009-05-09 08:08 . 2006-11-02 15:48 123350 ----a-w c:\windows\system32\perfc00C.dat

2009-05-08 18:48 . 2007-07-10 13:07 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-29 08:39 . 2008-07-17 09:54 101856 ----a-w c:\users\Cyril\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-29 08:06 . 2007-07-10 13:17 -------- d-----w c:\program files\Microsoft Works

2009-04-20 22:59 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-20 22:52 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat

2009-04-19 17:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat

2009-04-19 17:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat

2009-03-24 20:42 . 2008-07-19 10:02 -------- d-----w c:\program files\Java

2009-03-22 10:40 . 2008-07-17 12:14 -------- d-----w c:\program files\Mozilla Thunderbird

2009-03-17 15:29 . 2008-07-19 19:56 -------- d-----w c:\programdata\ma-config.com

2009-03-17 15:29 . 2008-07-19 19:56 -------- d-----w c:\program files\ma-config.com

2009-03-17 03:38 . 2009-04-20 08:45 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-20 08:45 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-09 04:19 . 2008-12-09 15:04 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-08 11:34 . 2009-04-29 08:03 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-04-29 08:03 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-04-29 08:03 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-04-29 08:03 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-04-29 08:03 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-04-29 08:03 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-04-29 08:03 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-04-29 08:03 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-04-29 08:03 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-04-29 08:03 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-04-29 08:03 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-04-29 08:03 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-04-29 08:03 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-04-29 08:03 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-04-29 08:03 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-04-29 08:03 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-04-29 08:03 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-04-29 08:03 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-03 04:46 . 2009-04-20 08:45 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-20 08:45 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:39 . 2009-04-20 08:45 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-20 08:45 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-20 08:45 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-20 08:45 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-20 08:45 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-20 08:45 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-20 08:45 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-20 08:45 17408 ----a-w c:\windows\system32\iashost.exe

2009-02-13 08:49 . 2009-04-20 08:45 72704 ----a-w c:\windows\system32\secur32.dll

2009-02-13 08:49 . 2009-04-20 08:45 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 03:10 . 2009-03-12 09:20 2033152 ----a-w c:\windows\system32\win32k.sys

2008-07-19 19:38 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2007-12-10 19:24 . 2007-12-10 19:24 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-09_08.03.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-11-02 13:05 . 2009-05-09 08:03 84484 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-07-17 09:54 . 2009-05-09 08:03 9044 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2684771895-3763166589-4040009352-1000_UserData.bin

+ 2006-11-02 10:33 . 2009-05-09 08:08 586980 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-05-08 20:25 586980 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-05-09 08:08 101052 c:\windows\System32\perfc009.dat

- 2006-11-02 10:33 . 2009-05-08 20:25 101052 c:\windows\System32\perfc009.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-05-08 81000]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2684771895-3763166589-4040009352-1000]

"EnableNotificationsRef"=dword:00000004

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{3815E209-4DF2-4CF0-964F-63927FBFE08A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{0C32ACE3-DA1F-469C-8D0C-C4C84671DB56}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1559055D-B1E4-4576-B221-EC793993CEC3}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{D1FF41DB-15E9-48CF-9A69-B0199CF49FC0}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{AB9C13F7-3821-4F1C-B932-DBC6DFD90792}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{E19B0516-2539-49D0-881D-0FBB7A04F587}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{3F7F745C-EE8A-42BF-95CE-F704AB7953B8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{D52535F0-C15F-4ECD-B05E-833E6A1E6A48}"= Disabled:UDP:c:\users\Cyril\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer

"{8C154A48-CA17-4827-A331-017F5BE15EC5}"= Disabled:TCP:c:\users\Cyril\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer

"{EB8FE6BE-936B-45A8-9906-25894624F644}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{2F7C2CE9-B941-4E33-88C9-708087A360C9}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2008 23:52 51792]

R3 camfilt2;camfilt2;c:\windows\System32\drivers\camfilt2.sys [19/04/2009 19:53 98432]

R3 PAC7302;Hercules Classic Link;c:\windows\System32\drivers\PAC7302.SYS [19/04/2009 19:53 457984]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [18/03/2009 10:51 48128]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 10:34 216232]

S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 23:29 454520]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a55ce9-728a-11dd-a09f-001c2557e85b}]

\shell\AutoRun\command - L:\SETUP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://fr.fr.acer.yahoo.com

uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Cyril\AppData\Roaming\Mozilla\Firefox\Profiles\e3r8f633.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-09 19:16

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\users\Cyril\AppData\Local\Temp\catchme.dll 53248 bytes executable

 

Scan terminé avec succès

Fichiers cachés: 1

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\*& à**H* à** *z*à**ø*o*à**e*p*o*s*i*t*i*o*n*\resvars]

"HLISTOFFSET"="284.000000"

.

Heure de fin: 2009-05-09 19:17

ComboFix-quarantined-files.txt 2009-05-09 17:17

ComboFix2.txt 2009-05-09 08:05

 

Avant-CF: 125 327 257 600 octets libres

Après-CF: 125 295 845 376 octets libres

 

193 --- E O F --- 2009-05-08 08:56

  • Moderators
Posted

Good, I'm waiting for the next step with MBAM, and then we'll see. :P

 

The PC should already be doing better, I think, right? Afterwards it will be necessary (we'll do it together at the end) to reinstall the protection tools that were disabled by the infection.

Posted

:P Hi again

 

MBAM has finished, here is the result, and yes the PC seems to be doing better, no sign of avast coming back but ccleaner seems to be holding up.

 

However, no more MSN and no more Daemon Tools; to be reinstalled, I suppose.

 

Here is mbam-log-2009-05-09 (20-42-57).txt

___________________________________________________

 

 

Malwarebytes' Anti-Malware 1.36

Version de la base de données: 2099

Windows 6.0.6001 Service Pack 1

 

09/05/2009 20:42:57

mbam-log-2009-05-09 (20-42-57).txt

 

Type de recherche: Examen complet (C:\|D:\|F:\|L:\|)

Eléments examinés: 178371

Temps écoulé: 45 minute(s), 26 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Qoobox\Quarantine\C\Users\Cyril\AppData\Roaming\drivers\srosa2.sys.vir (Rootkit.Bagle) -> Quarantined and deleted successfully.

  • Moderators
Posted

Good, the only detection was in ComboFix's quarantine directory. We're going to remove the tools that were used.

 

Go to your Start Menu > Run, copy and paste combofix/u, then confirm.

If you can't do it because the Run command doesn't appear, create a shortcut on your desktop, copy and paste what you would have typed into the file location field, and confirm your shortcut (that way you'll only have to double-click it to run it, as if you had typed it).

 

Delete the following items from your Desktop if they are still present:

  • rsit.exe
  • Combo-Fix.exe
  • CFScript.txt
  • mbam-setup.exe

 

Delete the following files and directories if they are still present:

  • C:\rsit
  • C:\ComboFix.txt
  • C:\qoobox
  • C:\ComboFix2.txt
  • C:\ComboFix-quarantined-files.txt

 

Empty your Recycle Bin. I had you download MBAM, and I suggest you keep it. The free version has no resident (real-time) protection, but you can keep updating it and running scans from time to time. If you don't want to keep it, you can uninstall it via Control Panel > Programs and Features.

 

Come back and let me know whether you were able to do all that without trouble.

 

However, no more MSN and no more Daemon Tools; to be reinstalled, I suppose.
Yes, they were infected by Bagle. They will need to be reinstalled if you wish, like your antivirus.
Posted

Hi again GOF,

 

Indeed the PC is doing better, ccleaner seems to be working, no more MSN or Daemon Tools, avast??

 

Here is the MBAM .txt

 

___________________________________________________

 

Malwarebytes' Anti-Malware 1.36

Version de la base de données: 2099

Windows 6.0.6001 Service Pack 1

 

09/05/2009 20:42:57

mbam-log-2009-05-09 (20-42-57).txt

 

Type de recherche: Examen complet (C:\|D:\|F:\|L:\|)

Eléments examinés: 178371

Temps écoulé: 45 minute(s), 26 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Qoobox\Quarantine\C\Users\Cyril\AppData\Roaming\drivers\srosa2.sys.vir (Rootkit.Bagle) -> Quarantined and deleted successfully.

 

 

Sorry for the repetition, I don't know what I did???

 

I'll take care of the rest and keep you posted.

  • Moderators
Posted

No worries about the repetition. I'm waiting for you to tell me that everything went well :P
